Monday July 18, 2016

A study has found that many fitness trackers lack secure connections or tamper protection, allowing hackers to access or potentially manipulate user data. Out of the devices tested, the Apple Watch was actually the most secure and "impossible to hack," although its airplane mode carries certain risks.

The highest risk came from devices made by Runtastic, Striiv and Xiaomi, with seven to eight potential vulnerabilities out of 10. "These products can be tracked rather easily, use inconsistent or no authentication or tamper protection, the code of the apps is not sufficiently obfuscated (to secure data), and data traffic can be manipulated and monitored with root certificates," the report said."Worst of all, Xiaomi even stores its entire data unencrypted on the smartphone." The researchers noted that security should be taken more seriously as fitness trackers move beyond the casual athlete, and health insurers use such devices to set rates or offer discounts.